Every company has secrets. Sometimes, a product is kept under wraps because of a perceived competitive advantage; other times, it’s to protect against stock-price fluctuations or to comply with industry regulations.
Gilbert Wong has been in the technology industry for 17 years, with AT&T, Corbis, and for the last three years, Slalom Consulting in Seattle, where he’s the national director for digital strategy. Wong guesses that he’s worked on dozens of top-secret projects over the years. And the security levels on these projects ran the gamut, from loose and informal to near-lockdown mode.
He recalls working on a super-secret project when every meeting began with a warning slide on a PowerPoint deck about what would happen if you violated your nondisclosure agreement.
“Basically, you’d be fired and could face potential legal action, depending on what you leaked,” Wong says. “It can be a bit extreme, when it’s repeated so many times.”
Every company has secrets. Sometimes, a product is kept under wraps because of a perceived competitive advantage; other times, it’s to protect against stock-price fluctuations or to comply with industry regulations. So, what’s it like to work in an environment where some people are privy to secret information, and others aren’t? And what methods do companies employ to keep things quiet?
Companies, particularly in tech, often use nondisclosure agreements, or NDAs. These contracts create a confidential agreement between the two parties to protect trade secrets, and as with Wong’s project, provide legal recourse if broken.
Other businesses, usually larger ones, restrict access to certain buildings, rooms and areas for employees working on secret products. Project-restricted passwords and logins are another tactic, as are email groups.
Pranav Dhillon (not his real name) has been an IT manager for many years. In his previous job, security was super-tight. “I couldn’t talk about the vendors we were working with or the products we were deploying, even after deployment when it was no longer a secret.” To get to the room where the back-end computers were required a key card with four layers of security.
Still, Dhillon prefers that environment to the one at his current company, which has a very trust-based culture. There’s plenty of top-secret stuff going on, and he’s been directed very specifically whom he can and can’t tell. But he’s never signed an NDA, and he’s never been subject to any formal security structure. Everything is conveyed verbally, and that feels uncomfortable sometimes.
“It’s almost more important to be explicit with us and controlling of the environment because there’s such a collaborative culture and everyone has an opinion about everything,” he says.
Jay Allen, chief technology officer at Seattle-based Porch, believes transparency is the way to go — at least, at his company of 350 employees. “When we look at the pros and cons and rewards and risks, we greatly favor people being engaged and motivated, which means having access to all the information they think they need to have,” he says.
The home-improvement networking website takes intellectual property very seriously, and has rules in place regarding sharing information. But there are no offices, and employee goals and product road maps are on whiteboards throughout the workspace. “We’ve erred consciously on the side of oversharing rather than undersharing,” Allen says.
Seattle-based Redfin, a real estate brokerage company, operates in much the same way. It has sensitive customer data, but only certain groups in the company have access to it, says Bridget Frey, the company’s chief technology officer. Redfin uses Google Apps for Work, which includes Gmail and Google Docs, to define email groups for certain projects and place extra security on confidential documents.
The rest, she says, is just common sense. “We talk a lot about the types of projects we’re working on, and we make sure we’re clear on communication, how we store documents and which groups of people should be invited to participate,” she says. “But we give all the employees the information they need, and they can use their own judgment.”